VMware Workspace ONE Community
slaney
Contributor
Contributor
‎10-06-2020 01:46 PM
Jump to solution

Smart group criteria based on device/friendly name

I am trying to create a smart group that is looking for the device name of a particular device.  We are able to add in the device name into our friendly name shown.  The issue is that we have multiple devices at multiple locations.  We name the devices accordingly depending on the location that they are at.  We would like to be able to apply different policies depending on the location that they are at.  I do not see a way to specify a smart group based on a geo fence.  My next option that I would have thought would be more readily available was to target devices by their device name.

Labels (1)
Labels
Tags (1)
0 Kudos
1 Solution

Accepted Solutions
AaronWhittaker
Enthusiast
Enthusiast
‎10-06-2020 02:55 PM
Jump to solution

Ahh yes, VPN. How is your environment configured? Do you have one user to one device? Is every user is in a location based AD group? Or are your devices in location based AD groups? Basically, what is your criteria for the different groups?

If you are configured in a one user to one device and all the users are in location based AD groups then you can assign the OG based on the AD group (All Settings > Devices & Users > General > Enrollment > Grouping > Automatically Select Based on User Group). That will assign the device to that OG once the user logs in and the device is assigned to them.

Unfortunately, that only works for user groups not for computer groups. If the computers are in the groups you can use the same logic, it will just require a server side script to run on a schedule to move the device. Export the list of devices with their OGs and loop through them making sure that they are in the correct OG, if they aren't then the script will move them. You can have that run every 15 minutes, hour, day, whatever depending on what works best for your environment.

If none of that is doable for your environment, give us some more information and we might be able to come up with something else.

View solution in original post

0 Kudos
3 Replies
AaronWhittaker
Enthusiast
Enthusiast
‎10-06-2020 02:28 PM
Jump to solution

Hey, I think we are going to have some fun here.

The way that I would do it is with OGs and have an OG for each location that you have. If they have common applications/settings you can have nested OGs and that can be a good way to set it at the higher level and have that then flow down as well. There is an option to have your devices move OGs based on their IP range so if you had each location as a separate subnet, that could work. If you didn't and it was by something else, that gets a little tricky but not impossible. If that was the case, you would have to have a start up script on each device that detects your criteria and then using APIs moves the device to the correct OG.

Once they are in the OG, the smart group is simple. Create your smart group and untick the OGs you don't want to be in that group.

If you didn't want to go down the OG route and keep them all in a single OG then your best bet is tagging. This could be done again via a logon script that detects your criteria and then adds the tag to the device. Once the device has the tag, it gets assigned to the relevant smart group you have created.

0 Kudos
slaney
Contributor
Contributor
‎10-06-2020 02:36 PM
Jump to solution

Hmm, I like this line of thinking.  The one question then is how a VPN would affect the OG.  If Workspace One sees the device's IP as the IP that the VPN is using then they would all be in a similar subnet, if it looks at the IP before the VPN then that should work flawlessly.

0 Kudos
AaronWhittaker
Enthusiast
Enthusiast
‎10-06-2020 02:55 PM
Jump to solution

Ahh yes, VPN. How is your environment configured? Do you have one user to one device? Is every user is in a location based AD group? Or are your devices in location based AD groups? Basically, what is your criteria for the different groups?

If you are configured in a one user to one device and all the users are in location based AD groups then you can assign the OG based on the AD group (All Settings > Devices & Users > General > Enrollment > Grouping > Automatically Select Based on User Group). That will assign the device to that OG once the user logs in and the device is assigned to them.

Unfortunately, that only works for user groups not for computer groups. If the computers are in the groups you can use the same logic, it will just require a server side script to run on a schedule to move the device. Export the list of devices with their OGs and loop through them making sure that they are in the correct OG, if they aren't then the script will move them. You can have that run every 15 minutes, hour, day, whatever depending on what works best for your environment.

If none of that is doable for your environment, give us some more information and we might be able to come up with something else.

0 Kudos